Our 2016 Open Source Donations

Thank you all for the nominations for our 2016 open source donations program. As usual, there was a wide variety of projects that could benefit from additional funding and fit the theme of raising the standard of trust online. We try to make this a joint effort with the commuity and you didn't disappoint! Hear Gabriel, the founder of DuckDuckGo, announce this year's recipients:

For the third year in a row we're supporting SecureDrop. From their own website, SecureDrop "is an open-source whistleblower submission system managed by Freedom of the Press Foundation that media organizations use to securely accept documents from anonymous sources." At this time last year there were 15 media organizations providing SecureDrop installations. Now there are 24, and we hope with our donation that we can help them increase this number significantly.

The Freenet Project intends to "re-establish freedom of speech on the internet" via its peer-to-peer network offering censorship-resistant communication. Being peer-to-peer, users both utilize and provide a means of communication and browsing aimed at avoiding surveillance. On top of hosting and administrative costs, the project also tries to employ paid developers to provide more-focused work alongside that of its volunteers. One area of focus is combatting the inevitable spam that plagues any anonymous system. We hope our donation can help this 15-year-old project continue to thrive.

An often overlooked part of the encryption chain is the hardware that cryptographic software runs on. Being able to trust such devices is essential and to ensure this, the CrypTech project is developing an "open-source hardware cryptographic engine design that meets the needs of high assurance Internet infrastructure systems that use cryptography." Naturally they're developing this in the open and you can discover how to set up the hardware and software yourself, as well as inspecting the architecture and chip design.

While there are many projects under the Tor umbrella, we've chosen to support their hidden onion services (of which DuckDuckGo runs one). These services form an anonymity network making it difficult to trace internet activity back to the user. As Tor Project executive director Shari Steele says, "Onion/hidden services are used by activists around the world to report government abuse, by journalists to communicate with their sources, and by individuals who want to research anonymously and securely. The Tor Project is grateful for the support of DuckDuckGo for this important part of our work."

Open source is increasingly reliant on encryption technology, however governments around the world are trying to place restrictions on encryption at a time when more and more of our personal data is being stored online. The Save Security campaign, although not open source itself, aims to "seize every teachable moment to educate the public about the importance of encryption; to provide the tools that can be used to advocate reform; and to build a large and diverse coalition that includes allies across the political spectrum as well as a cadre of organizations and businesses." This is just one of several projects that Fight for the Future coordinates to increase trust both online and offline.

The Open Source Technology Innovation Fund (OSTIF) exists to "connect open-source security projects with much-needed funding and logistical support." This means supporting various projects, one of which is VeraCrypt, free disk encryption software based on TrueCrypt 7.1a. While TrueCrypt underwent a community-backed audit last year, this has yet to happen for VeraCrypt. We hope that this donation provides a solid foundation for the audit as well as bringing wider attention to the work of OSTIF.

LEAP (LEAP Encryption Access Project) is a "non-profit dedicated to giving all internet users access to secure communication." They're working towards this goal by developing a suite of high security, easy-to-use communication tools. For providers, there's the LEAP Platform, a set of packages and recipes to automate the provision of a secure communication service. For end users, they've created Bitmask, a cross-platform application that provides a local proxy for email clients, as well as an easy-to-use VPN service. LEAP is one of several projects that Riseup Labs provides support for, including Tails which we donated to last year.

We donated to GPGTools last year as well, but this time the funding is to support development on GPGMail, an extension for Apple Mail that provides public key e-mail encryption and signing. We strongly support any project that can bring the ideal of ubiquitous end-to-end encrypted email a step closer. As with all projects that depend on external software, continuous development is needed to keep up with version changes, as well as the usual feature additions and bug fixes.

I would like to inform you that I feel very proud to be a happy user of the DuckDuckGo is already my homepage on my Mac and on my iPhone. I loved to see the VeraCrypt between the sponsored applications! Another application that I nominate vehement sponsorship is the Signal. 👏👏👏👏👏👏👏👏👏👏👏